Set up a DNS server on CentOS to resolve any domain name

Source: Internet
Author: User
Tags dnssec

Purpose:
1. The company has launched a new web server, for example at 111.111.111.111, and colleagues need to test whether it works correctly. On a LAN segment it is impractical for everyone to edit their hosts file, so this method can be used instead.
For example, yumaozdy.com (a domain name that already resolves on the public network) can be pointed at the IP address 111.111.111.111.

2. The domain name www.test248lvs.cc, for example, is not resolved anywhere. With this method, LAN colleagues can access it without binding it in their hosts files.

After configuring the DNS server, change the DNS setting on the router or on the computers to be tested.

If the domain name is configured with a CDN, you cannot bypass the CDN by modifying the DNS of the vro; you must specify the local DNS.

First look at what is DNS: http://baike.baidu.com/link? Url = required _

DNS Server IP Address: 192.168.1.219

Server version: CentOS 6.6

I. Software Installation

[root@localhost ~]# yum -y install bind*

II. Modify the master configuration file

[root@localhost ~]# cp /etc/named.conf /etc/named.conf.bak    # back up the file before modification

[root@localhost ~]# vi /etc/named.conf  

Change to the following:

options {
    listen-on port 53 { any; };    // listen on port 53 of the host; "any" means all of the host's addresses
    directory "/var/named";        // zone file names given below are looked up in this directory
    // The following three items are service-related statistics files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };          // who may send queries to this DNS server; "any" means anyone
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    forwarders {                   // specify the upper-layer DNS server
        192.168.1.1;
    };
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
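With allow-query set to any and no allow-recursion statement, BIND performs recursion for every client that can reach port 53. The check below is an added example, not part of the original article: the function and sample names (audit_recursion, page_conf, lan_conf) are hypothetical, both sample configs are constructed, and the 192.168.1.0/24 LAN range is an assumption based on the addresses used here.

```shell
# Added example, not from the original article.
# Reads a named.conf on stdin; prints "open" when any client that can reach
# port 53 may use the server for recursion, otherwise "restricted".
# Assumes options-level ACLs only, no nested braces, no /* */ comments.
audit_recursion() {
    # Drop // and # comments, join lines, normalise "any ;" to "any;".
    conf=$(sed -e 's://.*::' -e 's:#.*::' | tr '\n\t' '  ' | tr -s ' ' |
           sed 's/ *;/;/g')
    case $conf in
        *"recursion no;"*) echo restricted; return 0 ;;
    esac
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query,
    # and to "localnets; localhost;" when none of them is set.
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(printf '%s\n' "$conf" | sed -n "s/.*$opt *{\([^}]*\)}.*/\1/p")
        if [ -n "$acl" ]; then break; fi
    done
    case " ${acl:-localnets; localhost;} " in
        *" any;"*) echo open ;;
        *)         echo restricted ;;
    esac
}

# Constructed sample: the query-related options from the article's named.conf.
page_conf() { cat <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };      // anyone may query
    recursion yes;
};
EOF
}

# Constructed sample: same server, limited to an assumed LAN 192.168.1.0/24.
lan_conf() { cat <<'EOF'
acl "lan" { 127.0.0.1; 192.168.1.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.219; };
    allow-query { lan; };
    allow-recursion { lan; };
    recursion yes;
};
EOF
}

echo "article config: $(page_conf | audit_recursion)"
echo "LAN-only ACLs:  $(lan_conf | audit_recursion)"
```

On a real host, pipe /etc/named.conf into audit_recursion. Restricting allow-query and allow-recursion to an ACL that lists only the LAN, as in the second sample, clears the finding.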

III. Custom domain name resolution configuration

[root@localhost ~]# vi /etc/named.rfc1912.zones

For example, to add the yumaozdy.com domain, append the following:

zone "yumaozdy.com" IN {         // defines the domain name to be resolved
    type master;
    file "yumaozdy.com.zone";    // the actual records are saved in the file /var/named/yumaozdy.com.zone
};

IV. Custom yumaozdy.com.zone file

[root@ns named]# vi /var/named/yumaozdy.com.zone

The full text of the zone file is as follows:

$TTL 86400
@       IN SOA  ns.yumaozdy.com. root (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                0 )     ; minimum
@       IN NS   ns.yumaozdy.com.
ns      IN A    192.168.1.219
www     IN A    192.168.1.45
bbs     IN A    192.168.1.46
ttt     IN A    192.168.1.68

// ns.yumaozdy.com is the name of this DNS server, so ns.yumaozdy.com must resolve to the server itself.

www IN A 192.168.1.45 // means that www.yumaozdy.com resolves to the server 192.168.1.45. The other records work the same way.

5. Modify permissions

[root@ns named]# chown root:named yumaozdy.com.zone    # this step is required

6. Restart the service

[root@dns_server named]# service named restart

7. New Domain name resolution

To add resolution for another domain, for example google.com:

vi /etc/named.rfc1912.zones

// Add the following
zone "google.com" IN {
    type master;
    file "google.com.zone";
};

[root@ns named]# cp -a yumaozdy.com.zone google.com.zone
[root@ns named]# vi google.com.zone

$TTL 86400
@       IN SOA  ns.google.com. root (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                0 )     ; minimum
@       IN NS   ns.google.com.
ns      IN A    192.168.1.219
www     IN A    192.168.1.11
bbs     IN A    192.168.1.46
ttt     IN A    192.168.1.68

Restart the service after the configuration is complete.

[root@dns_server named]# service named restart

8. Disable SELinux (omitted)

9. Add firewall rules

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 953 -j ACCEPT

Add the rules and save the file (pay attention to where they are placed)

service iptables restart

10. Test
vim /etc/resolv.conf
nameserver 192.168.1.219

Save

Ping www.yumaozdy.com; it and the other domain names can now be resolved.
